Today at 1:48pm, Michael Ströder wrote:
> I also can't see how removing SUBSTR matching gives you more access control.
> Either your directory is public or not. Well, thank *you* for playing...
By removing SUBSTR matching, I prevent uid searches from being used to
learn of new uid's. I change them into confirmation that this uid
exists instead of tell me all the uid's that contain this pattern --
doesn't mean they can't still be used to glom userids but means you have
to do a lot of searches (one for each userid you think might exist).
Thank you! Do I get a prize for being obstinate?
--
Frank Swasey | http://www.uvm.edu/~fcs
Systems Programmer | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
=== God Bless Us All ===